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(54) Data transfer verification based on unique id codes 



(57) A method of transferring a data packet from a 
providing communication terminal to a requesting com- 
munication terminal, wherein the requesting communi- 
cation terminal transfers a message to the providing 
communication terminal including a requests for receiv- 
ing the data packet and a first unique identification code 
identifying the requesting communication terminal. Up- 
on receipt of the message the providing communication 
terminal verifies the validity of the first unique identifica- 



tion code. When the verification has been ended suc- 
cessfully, the providing communication terminal re- 
sponds by transferring a message to the requesting 
communication terminal including the requested data 
packet and a second unique identification code. Then 
the requesting communication terminal verifies the va- 
lidity of the second unique identification code and stores 
the data packet accordingly when the verification has 
been successful. 
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Description 



to a new method for 
a software sequence. 



[0001] The invention relates 
transferring a data packet, e.g. 
between two communication terminals. 
[0002] Until now communication terminals, such as 
cellular phones, are loaded with software when leaving 
the factory. The software is normally flashed into a flash 
ROM during the assembly of the terminal. A Master Soft- 
ware is copied into the terminal. During the product life- 
time the software development continues. This means 
if minor software improvements are introduced after the 
launch of the terminal, the Master Software is amended 
so subsequently manufactured terminals contain copies 
of the amended version. 

[0003] When a terminal has been sent for service the 
entire set of software instructions (the operative system 
of the terminal) will very often become updated by re- 
flashing a copy of the Master Software. The user will 
normally not notice any difference. The loading of soft- 
ware has been performed by inserting a plug into the 
terminal thus establishing an electronic connection. 
[0004] However the assignee presented a Smart 
Messaging concept at the CeBIT fair in 1997. Hereby 
any GSM phone with the SMS (Short Message Service) 
capability can access the services. The Smart Messag- 
ing technology allows the GSM subscriber access to a 
wide range of new applications, such as information and 
"infotainment" services and the Internet. Services could 
include flight schedules, weather reports, stock news, 
currency rates, telebanking information, sports news 
and movie listings. Furthermore the concept may be 
used for downloading software sold in aftersale. E.g. 
new ringing tones may be downloaded Over The Air 
(OTA). 

[0005] Communication terminals such as cellular 
phones have yet to be type approved in order to ensure 
that the activity of the terminal does not interact with the 
network or other types of electronic equipment in an un- 
intended or unfavorable manner. Therefore both the 
manufacturer and the owner of such a communication 
terminal have a need for securing the terminal against 
unauthorized software loading into the phone. 
[0006] According to one aspect of the present inven- 
tion there is provided a method of transferring a data 
packet from a providing communication terminal to a re- 
questing communication terminal, wherein said re- 
questing communication terminal transfers a message 
to the providing communication terminal including a re- 
quest for receiving the data packet and a first unique 
identification code identifying the requesting communi- 
cation terminal; said providing communication terminal 
verifies the validity of the first unique identification code, 
and upon a successful verification, responds by trans- 
ferring a message to the requesting communication ter- 
minal including the requested data packet and a second 
unique identification code; and said requesting commu- 
nication terminal verifies the validity of the second 



unique identification code, and upon a successful veri- 
fication, stores the data packet accordingly. 
[0007] Hereby, in embodiments of the invention, the 
providing communication terminal has an opportunity to 

5 verify the identity of the requesting communication ter- 
minal before the delivery of the data packet. By control- 
ling the validity of the second unique identification code 
the requesting communication terminal may verify the 
identity of the providing communication terminal and 

w thereby check whether the data packet is provided by 
an authorized provider or not. If the data packet is 
deemed to be provided by an authorized provider the 
requesting communication terminal stores the received 
data packet and if the data packet includes a computer 

15 program or parts thereof the terminal automatically runs 
the required setup routines. 

[0008] In cellular communication systems the provid- 
ing communication terminal may advantageously be a 
fixed unit which is a part of a wireless communication 
20 network, while the requesting communication terminal 
then may be a mobile unit communicating via said wire- 
less communication network. 

[0009] In a cellular system as e.g. the GSM network 
the requesting communication terminal may be a GSM 

25 phone and the first unique identification code may in- 
clude an International Mobile Equipment Identity (IMEI) 
code. The IMEI code uniquely identifies the phone and 
includes a Type Approval Code (TAC). a Final Assembly 
Code (FAC) identifying the assembly plant and a serial 

30 number (SN). In total the IMEI code includes 15 digits. 
In the GSM system its is a part of the standard that the 
mobile stations (phone) transfer their IMEI code to the 
network operator in response to a request (RIL3-MM 
IDENTITY REQUEST message), and these requests 

35 are given in order to identify the phone, e.g. upon loca- 
tion update or in order identify failures in the system. 
[0010] A Master Password is defined by the adminis- 
trator of the providing communication terminal. Phones 
or a communication terminal supporting the data packet 

40 verification method according to embodiments of the in- 
vention, are each provided with a phone password. The 
phone password is stored in the phone and is calculated 
by combining the IMEI number and the Master Pass- 
word by means of a secure hash algorithm, such as a 

45 public key algorithm (e.g. the MD5 algorithm from the 
RSA Data Security Company). The MD5 algorithm is a 
one-way hash function producing a 128 bit hash value 
(16 byte) from input messages of arbitrary length. 
[0011] When the administrator of the providing com- 

50 munication terminal transmits the data packet the phone 
password calculated based on the Master Password 
may be used for the calculation of the second unique 
identification code. This second unique identification 
code is calculated by combining the code image of the 

55 data packet to be sent and the phone password by 
means of an secure hash algorithm, such as the MD5 
algorithm . The code image and the second unique iden- 
tification code is then transferred to the requesting com- 



2 



3 



EP 0 977 451 A2 



4 



munication terminal. The requesting communication ter- 
minal separates the code image and combines this and 
the phone password stored in the phone by means of 
an secure hash algorithm, such as the MD5 algorithm 
to obtain another signature. Then the requesting com- 
munication terminal compares the received second 
unique identification code and said calculates another 
signature. When the comparison shows that the codes 
are identical the requesting communication terminal 
deems the received code image to authenticated and 
stores the data accordingly. 

[0012] Furthermore a successful verification of au- 
thentication of the received data packet indicates that 
the data packet is free from bit errors occurring during 
the transmission. 

[0013] According to another aspect of the present in- 
vention there is provided a wireless communication net- 
work in which a data packet may be transferred securely 
from a providing communication terminal to a requesting 
communication terminal, wherein said requesting com- 
munication terminal comprises means for transmitting a 
message to the providing communication terminal, said 
message includes a request for the data packet and an 
identification of itself by means of a first unique identifi- 
cation code; said providing communication terminal in- 
cludes means for verifying the validity of the first unique 
identification code, and means for transmitting a mes- 
sage, upon a successful verification, to the requesting 
communication terminal, said message includes the re- 
quested data packet and a second unique identification 
code; said requesting communication terminal compris- 
es means for verifying the validity of the second unique 
identification code; and the requesting communication 
terminal includes means for storing the data packet, up- 
on a successful verification of the validity of the received 
message. This network is able to ensure that unauthor- 
ized programs are not downloaded via the network to 
the communication terminals connected thereto. Other- 
wise the communication traffic could be affected. 
[0014] According to a further aspect of the present in- 
vention there is provided a computer program product 
for handling the verification of the transfer of a data 
packet from a providing communication terminal to a re- 
questing communication terminal, and comprising a 
computer useable medium in a providing communica- 
tion terminal having computer readable program code 
means embodied therein for handling verification of a 
communication unit requesting a data packet to be 
transferred over a wireless network from providing com- 
munication terminal to the requesting communication 
unit, the computer readable program code means in the 
computer program product comprising computer read- 
able program code means for identifying a request for 
the data packet and a first unique identification code for 
the mobile unit included in a message received by said 
providing communication terminal; computer readable 
program code means for verifying the validity of the first 
unique identification code; computer readable program 



code means for setting up a response message to the 
mobile unit upon a successful verification, said respond- 
ing message includes the requested data packet and a 
second unique identification code. This program will 
5 normally be running on a computer controlled by a serv- 
ice provider, software provider or the manufacture of the 
requesting communication units. 

[001 5] Another computer program product according 
to this further aspect of the invention may run on the 

10 requesting communication terminal for handling the ver- 
ification of the transfer of a data packet from a providing 
communication terminal to a requesting communication 
terminal, and comprises a computer useable medium in 
a mobile unit having computer readable program code 

15 means embodied therein for handling a request of a data 
packet and the verification of the data packet when re- 
ceived via a wireless network from providing communi- 
cation terminal, the computer readable program code 
means in the computer program product comprises 

20 computer readable program code means for setting up 
a message to the providing communication terminal, 
said message includes a request for the data packet and 
an identification of the mobile unit by means of a first 
unique identification code; computer readable program 

25 code means for identifying the requested data packet 
and a second unique identification code in the respond- 
ing message from the providing communication termi- 
nal; computer readable program code means for verify- 
ing the validity of the second unique identification code; 

30 and computer readable program code means for storing 
the data packet, upon a successful verification of the 
validity of the received message. 

[0016] According to a further aspect of the present in- 
vention there is provided a mobile unit for communicat- 

35 jng with a providing communication terminal via a wire- 
less communication network, comprises means for 
transmitting a message to the providing communication 
terminal, said message includes a request for the data 
packet and an identification of the mobile unit by means 

40 of a first unique identification code; means for receiving 
a responding message from the providing communica- 
tion terminal, said responding message includes the re- 
quested data packet and a second unique identification 
code; means for verifying the validity of the second 

45 unique identification code; and means for storing the da- 
ta packet, upon a successful verification of the validity 
of the received message. Such a mobile unit may be a 
cellular phone, and the phone will then be able to check 
whether a software code included in a received data 

50 packet may be stored in the phone. 

[0017] According to a further aspect of the present in- 
vention the providing communication terminal is a fixed 
unit which is a part of a wireless communication net- 
work. The fixed part comprises means for receiving a 

55 message from a mobile unit, said message includes a 
request for the data packet and an identification of the 
mobile unit by means of a first unique identification code; 
means for verifying the validity of the first unique iden- 
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tification code; and means for transmitting a responding 
message, upon a successful verification, to the mobile 
unit, said responding message includes the requested 
data packet and a second unique identification code. 
Hereby the software provider will have an opportunity to 
check whether the requesting phone will be allowed to 
receive the requested data packet. 
[0018] In order to secure that only authenticated ad- 
ditional software is downloaded into to a phone. This ad- 
ditional software need to be verified for the following: 

1 . The software originated from a reputable source 
and can be expected to be well-behaved. 

2. The software is indeed licensed for the particular 
phone it is downloaded into, so it can be expected 
to the owner of the software has been duly compen- 
sated. 

This verification (or digital signature) relies on some se- 
cret information being available only to authorised soft- 
ware producers, and the ability to verify knowledge of 
the secret in the phone. 

The binding of software to a particular phone relies on 
an unalterable ID being available in the phone, and hav- 
ing a mechanism that can prevent software from running 
if the software is configured for a different ID. 
[0019] For a better understanding of the present in- 
vention and to understand how the same may be 
brought into effect reference will now be made by way 
of example only to the accompanying drawings in which: 

Fig. 1 schematically illustrates a hand portable 
phone for use in a preferred embodiment of the in- 
vention; 

Fig. 2 schematically shows parts of a telephone for 
communication with a cellular or cordless network; 

Fig. 3 schematically shows the parts of the network 
that are involved in the download of codes; 

Fig. 4 illustrates the calculations performed in the 
preferred embodiment based on a secure hash al- 
gorithm; 

Fig. 5 illustrates the message activity between the 
phone and the software provider/certification cent- 
er; 

Fig. 6 is a flow chart showing the authentication 
process at the providing communication terminal; 

Fig. 7 is a flow chart showing the authentication 
process at the requesting communication terminal; 
and 

Fig. 8 illustrates the calculations performed in an al- 
ternative embodiment based on an encryption algo- 



rithm. 

[0020] Referring to Figure 1. a phone 1 comprises a 
user interface having a keypad 2. a display 3, an on/off 

5 button 4. a speaker 5, and a microphone 6. The phone 
1 according to the preferred embodiment is adapted for 
communication via a cellular network, but could have 
been designed for a cordless network as well. The key- 
pad 2 has a first group 7 of keys as alphanumeric keys, 

10 by means of which the user can enter a telephone 
number, write a text message (SMS), write a name (as- 
sociated with the phone number), etc. Each of the twelve 
alphanumeric keys 7 is provided with a figure "0-9" or a 
sign "#" or "*", respectively. In alpha mode each key is 

15 associated with a number of letters and special signs 
used in text editing. 

[0021] The keypad 2 additionally comprises two soft 
keys 8, two call handling keys 9, and a navigation key 
10. 

20 . [0022] The two soft keys 8 have a functionality corre- 
sponding to what is known from the phones Nokia 
2110™, Nokia 8110™ and Nokia 3810™. The function- 
ality of the soft key depends on the state of the phone 
and the navigation in the menu by using a navigation 

25 key. The present functionality of the soft keys 8 is shown 
in separate fields in the display 3 just above the keys 8. 
[0023] The two call handling keys 9 according to the 
preferred embodiment are used for establishing a call 
or a conference call, terminating a call or rejecting an 

30 incoming call. 

[0024] The navigation key 10 is an up/down key and 
is placed centrally on the front surface of the phone be- 
tween the display 3 and the group of alphanumeric keys 
7. Hereby the user will be able to control this key with 

35 his thumb. This is the best site to place an input key 
requiring precise motor movements. Many experienced 
phone users are used to one-hand handling. They place 
the phone in the hand between the finger tips and the 
palm of the hand. Hereby the thumb is free for inputting 

40 information. 

[0025] Fig. 2 schematically illustrates the components 
of the phone 1 . The preferred embodiment of the phone 
1 is adapted for use in connection with the GSM net- 
work, but, of course, embodiments of the invention find 

45 application in connection with other phone networks, 
such as cellular networks and various forms of cordless 
phone systems or in dual band phones accessing sets 
of these systems/networks. The microphone 6 records 
the user's speech, and the analog signals formed there- 

50 by are AID converted in an AID converter (not shown) 
before the speech is encoded in an audio part 14. The 
encoded speech signal is transferred to the processor 
18, which i.a. supports the GSM terminal software. The 
processor 18 also forms the interface to the peripheral 

55 units of the apparatus, including a RAM memory 17a 
and a Flash ROM memory 17b, a SIM card 16, the dis- 
play 3 and the keypad 2 (as well as data, power supply, 
etc.). The processor 18 communicates with the trans- 
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mitter/receiver circuit 19. The audio part 14 speech-de- 
codes the signal, which is transferred from the proces- 
sor 18 to the earpiece 5 via an D/A converter (not 
shown). 

[0026] The processor 18 is connected to the user in- 
terface. Thus, it is the processor 18 which monitors the 
activity in the phone and controls the display 3 in re- 
sponse thereto. 

[0027] Therefore, it is the processor 18 which detects 
the occurrence of a state change event and changes the 
state of the phone and thus the display text. A state 
change event may be caused by the user when he ac- 
tivates the keypad including the navigation key 10. and 
this type of events is called entry events or user events. 
However, the network communicating with the phone 
may also cause a state change event. This type of event 
and other events beyond the user's control are called 
non user events. Non user events comprise status 
change during call set-up, change in battery voltage, 
change in antenna conditions, message on reception of 
SMS, etc. 

[0028] The method of transferring a data packet from 
a providing communication terminal to a requesting 
communication terminal will be explained in the follow- 
ing with reference to the GSM standard, and especially 
the use of the data transmission feature available under 
this standard. The data transmission is handled under 
Technical Specification; GSM 04.22 issued by ETSI in 
1995. The inherent maximum transmission rate in GSM 
is 9600 bps. 

[0029] The described method is especially valuable 
when a phone user requests a new software application 
to be implemented in e.g. a cellular phone. When a 
phone has been type approved the type approval covers 
the software inherent in the phone. Change of certain 
parts of the software requires a new type approval of the 
phone. Neither the manufacturer or the user has an in- 
terest in implementing non-verified software in the 
phone. If the phone affects the network due to erroneous 
software the phone can be identified and possibly be 
rejected by the network. 

[0030] Fig. 3 shows a Mobile Terminal MT such as the 
phone 1 including MT Software 30 that may include the 
operating system of the phone 1. The MT Software 30 
is in the preferred embodiment stored in an EEPROM 
which is emulated in the Flash ROM 17b. The MT Soft- 
ware 30 is flashed into the Flash ROM 17b during the 
manufacturing of the phone 1 . The MT Software 30 does 
furthermore include the so-called IMEI code that unique- 
ly identifies the phone 1. The MT Software 30 is saved 
in an emulated EEPROM space of the Flash ROM 17b, 
and when a program or a program segment for use with 
the operating system of the phone has been download- 
ed over the air this downloaded code 31 is stored tem- 
porarily in the RAM memory 1 7a until the phone has ver- 
ified the validity of the downloaded code 31 . When this 
has been done the downloaded code 31 is transferred 
to the emulated EEPROM space of the Flash ROM 1 7b. 



[0031] A phone may have a dictionary associated with 
an editor in order to predict a full word based on a few 
letters inputted by the user. In general such a dictionary 
requires a memory space in the range 60-100 kByte for 

5 each language. A phone for the European market will 
typically include around ten selectable languages. In or- 
der to avoid the storing of up to 1 MByte "dead" diction- 
aries the manufacturer wants to provide the phone with 
some free memory in which the downloaded code may 

10 be stored. 

[0032] When the user of the phone 1 wants to down- 
load an application or a program segment for use in an 
already available application he sends a request mes- 
sage 36. M SoftDownload_Req(IMEI)" in fig. 5. identifying 

15 the requested software and including the IMEI code of 
the phone 1. The requesting application of the phone 
sets up the request message 36 in a predefined format. 
The request message 36 includes an identification of the 
receiver (the software provider 33). and this requires an 

20 input from the user or from the phonebook of the phone 
1 . The IMEI code 37 is automatically attached to the re- 
quest message 36 without being displayed or entered 
by the user. The requested downloadable code is iden- 
tified by the user - typically selected as an item in a list 

25 earlier received from the software provider. 

[0033] This request message 36 is forwarded from the 
phone 1 via the air and a base station 32 in the commu- 
nication network to a software provider 33 authorized by 
the manufacturer of the phone 1 . The software provider 

30 33 has a set of codes 34 which may be copied or down- 
loaded to a requesting phone 1 . These codes 34 include 
the files requested by the requesting phone 1. Further- 
more the software provider 34 has access to a certifica- 
tion center 35 in which authorized IMEI codes, a Master 

35 Password and a Code Block is stored. 

[0034] When the software provider 34 receives a re- 
quest message 36 the IMEI part of the message is au- 
tomatically forwarded to certification center 35 that 
check the validity of the request 36. This is simply done 

40 by checking in a database table whether the requesting 
phone 1 has an open account for paying for the request- 
ed software code or file. From this database table the 
software provider 33 can find the phone number of the 
requesting phone 1 based on the llvlEI code. 

45 [0035] If the certification center 35 deems the request 
message 36 to be valid the certification center 35 then 
calculates a phone password 40. According to the pre- 
ferred embodiment the phone password 40 may be cal- 
culated by means of a per se known secure hash algo- 

50 rithm, such as MD5 from the RSA Data Security Com- 
pany. The MD5 algorithm 39 that is a secure hash algo- 
rithm, receives the IMEI code 37 and the Master Pass- 
word 38 from the memories associated with the certifi- 
cation center 35, and outputs a Phone Password 40 in 

55 response. 

[0036] The Master Password 38 is a universal pass- 
word defined by the software provider, and the IMEI 
code 37 is a universal code unambiguously identifying 
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the phone. 

[0037] When the certification center of the software 
provider 33 has calculated the phone password 40 it 
starts calculating a first signature 43 that is unique for 
this specific software transfer. The calculated Phone 
Password 40 is put into the beginning and the end of a 
binary string having the binary code 44 (the code image) 
of the file to be transferred in the middle. This binary 
string is inputted into an appropriate signature generat- 
ing algorithm 42, such as the MD5 algorithm, that was 
used for calculating the Phone Password 40 as de- 
scribed above. The signature generating algorithm 42 
does not need to be similar to the secure hash algorithm 
39. The output from the signature generating algorithm 
42 may be regarded as a first digital signature 43 (sig2) 
that is unique for the this specific software transfer, as 
it is based on a sequence specific for the receiving 
phone and a sequence specific for the transmitted soft- 
ware code. 

[0038] When the certification center 35 has calculated 
the first digital signature 43 (sig2) the service provider 
33 starts to transfer the binary code 44 (the code image) 
of the file and the calculated first digital signature 43 
(sig2) to the requesting phone 1 . This is indicated in fig. 
5 as a response message 41 (SoftwareDownload_Resp 
(Codeblock+Signature)). The transfer of the response 
message 41 may be done by using the data transmis- 
sion facilities set up in, e.g. the GSM standard. 
[0039] When the phone 1 receives a binary code 47 
and the first digital signature 43 (16 bytes) it extracts 
these two parts from the message based on the infor- 
mations included in the headerof the message41 . Apart 
from the IMEi code 37 the phone password 45 is stored 
as a part of the MT software 30 in the phone 1. The 
phone password 45 is granted by the software provider 
33 when an account is established. The phone pass- 
word 40 calculated by the software provider 33 is iden- 
tical with the phone password 45 granted to the phone. 
The two passwords 40 and 45 differ only when errors 
occur in the calculation at the software provider. The 
transmitted binary code 44 and the received binary code 
47 will be identical when the transmission and the iden- 
tification in the receiver is free of errors. 
[0040] Based on the binary code 47 (the code image) 
and the phone password 45 the phone 1 starts to cal- 
culate a second signature 46 (sig2'). The stored Phone 
Password 45 is put into the beginning and the end of a 
binary string having the binary code 47 (the code image) 
of the file received in the middle. For this purpose the 
binary string is inputted to the very same signature gen- 
erating algorithm 42 as used by the software provider 
33 for calculating the first signature 43 (sig2). When the 
second signature 46 has been calculated the phone 1 
compares this calculated second signature 46 with the 
first signature 43 received by the response message 41 . 
If these two signatures 43 and 46 fit together i.e. are 
identical the phone 1 deems the response message to 
be coming from an authorized software provider having 
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access to the Master Password 38. Therefor the phone 
1 deems the received code image to be authentic and 
starts to transfer the down loaded code 31 to the MT 
software. If the authentication has failed the download- 

5 ed software would automatically have been deleted. 
[0041] Further to the verification of the authorization 
of the received code the described method provides the 
added benefit that the transmission of the received code 
has been free of errors. This is due to the fact that the 

10 code image is used for the calculation of the signatures 
(sig2 and sig2') 43 and 46. 

[0042] When the manufacture of a phone acts as the 
software provider he may provide the phone with the 
phone password during the production. Then a corre- 

15 sponding account may be opened by accessing an ap- 
propriate Internet homepage of the manufacturer/soft- 
ware provider. When the user of the phone has placed 
money into the account or agreed to do so, he may re- 
quest new applications or the like to his phone. Accord- 

20 ing to a preferred embodiment these new applications 
are transferred to the phone as software code for storing 
in the phone when being recognized as authentic soft- 
ware code. 

[0043] According to an alternative embodiment of the 
25 invention the data packet transferred to the phone does 
include an instruction that, when authenticated by the 
phone, activates an application that has been present 
in the phone as software code since the manufacture of 
the phone. 

30 [0044] A secure hash function produces a fixed- 
length bit pattern from an input text of any length. Pref- 
erably the process should be irreversible or extremely 
difficult to reverse and the function should give no or ex- 
tremely little correlation between output results for very 

35 similar input texts, i.e. it should be to all practical intents 
and purposes computationally infeasible to create a in- 
put text, which produces a predefined output from the 
hash function. The examples show MD5 used as the 
hash function, but other hash functions may be used in 

40 jts place. 

[0045] Provided that a clear text password if known 
both in the phone and at the authorised software pro- 
ducer, a signature can be constructed. Notice that the 
password is both prefixed and suffixed the code image. 

45 This is done to prevent birthday attacks, i.e. attacks, 
where a (untrusted) software supplier generates some 
software, where the hash value of the code image is the 
same as an approved version, but the behaviour is dif- 
ferent (and probably malign). 

so [0046] The downloaded code may be an application 
to become installed in the phone, e.g. an application for 
controlling a television by means of the inherent infra 
red link of the phone, or an E-mail application setting up 
an Internet compatible format for the phone, or it may 

55 be an activating key opening a program segment 
present in the phone but disabled. The downloaded 
code may therefore be anything from independent exe- 
cutable applications to short code segments used by 
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other applications already available in the phone. 
[0047] Alternatively the certification center may calcu- 
late the phone password when the account is estab- 
lished and store the password in the record that may be 
addressed by the IMEI code. Then there will be no need 
for calculating the phone password every time new soft- 
ware is requested. 

The authentication process at the providing 
communication terminal 

[0048] The providing communication terminal, e.g. a 
software provider is authorized by the phone manufac- 
turer and communicating with the network to which the 
requesting communication unit or phone is connected. 
The providing communication terminal preferably in- 
cludes a computer program product on a server for han- 
dling the verification of a request for transferring a data 
packet to a requesting communication terminal or 
phone. 

[0049] The providing communication terminal 33 is in 
a mode 100 in fig. 6 where it waits for a request message 
36. When a request message is received in step 1 01 the 
processing unit of the providing communication terminal 
33 starts in step 102 to decode the message in order to 
identify the requested data packet and a first unique 
identification code for the mobile unit included in the 
message. This first unique identification code includes 
according to the preferred embodiment of the invention 
the IMEI code 37 of the phone. 

[0050] The providing communication terminal 33 has 
access to a certification center 35 in which it is checked 
(step 103) whether the requesting communication ter- 
minal or phone do have a valid account for paying the 
requested program code. If the user does not have a 
valid account a reject message is sent to the user in step 
104 where the user is informed about the situation. 
[0051] If the requesting communication terminal 1 has 
been accepted as a valid user the providing communi- 
cation terminal 33 starts in step 105 to calculate a phone 
password 40 for the requesting communication terminal 
1 based on the first unique identification code (the Inter- 
national Mobile Equipment Identity (IMEI) code 37) and 
the master password 38 using a first secure hash algo- 
rithm 39, such as MD 5. Then the providing communi- 
cation terminal 33 provides the requested software code 
from an appropriate memory connected to the server. 
[0052] Then the providing communication terminal 33 
starts to calculate at step 1 06 a first unique signature 43 
based on a binary string having the Phone Password 40 
in the beginning and the end and the binary code 44 in 
the middle by using an appropriate secure hash algo- 
rithm 42. 

[0053] When this is done the providing communica- 
tion terminal 33 starts to set up a response message 41 
to the requesting communication terminal 1, said re- 
sponding message 41 includes the requested data 
packet and the first unique signature 43. Then the re- 



sponding message 41 is transmitted to the requesting 
communication terminal 1 in step 107. Hereafter the 
server goes back to step 100 and wait for the next re- 
quest message. In practice the server preferably has a 
5 capacity that is sufficient to serve several requests in 
parallel. 

[0054] According to the preferred embodiment ac- 
cording to the invention the computer program is imple- 
mented in a service provider server connected to a cel- 
w lular network for transferring computer software via the 
wireless network (Over The Air) to mobile units upon re- 
quest. 

The authentication process a the requesting 
15 communication terminal 

[0055] The requesting communication terminal, e.g. 
a cellular phone, includes a computer program product 
for handling the verification of the authenticity of a data 

20 packet received from a providing communication termi- 
nal upon request. This computer program product is 
preferably included in the MT Software 30 in fig. 3 and 
is an integrated part of a computer application that is 
controlled by the user and sets up a user interface in 

25 which the user may identify the code to be down loaded. 
Furthermore the computer application may get the IMEI 
code directly from the MT Software and may get the 
phone number of the software provider from the phone- 
book stored on the SIM card once it has been inputted 

30 by the user or stored by the phone manufacturer in a 
memory location in the phone. 

[0056] The phone 1 has computer readable program 
code means embodied therein for handling the verifica- 
tion of the data packet when received via a wireless net- 

35 work from the software provider 33. The requesting 
communication unit or the phone 1 requests a code se- 
quence included in a data packet to be transferred over 
a wireless network from the software provider 33. The 
request message 36 has a predefined format set up by 

JO the phone 1 . and the request message 36 identifies the 
requested code and the phone 1 requesting the code. 
The phone 1 is identified by means of a first unique iden- 
tification code, that preferably is based on the Interna- 
tional Mobile Equipment Identity (IMEI) code or a similar 

<*5 type of code that globally identifies the phone. 

[0057] As seen from fig. 7 the software based appli- 
cation in step 200 detects an activity the processor 
checks whether the user has inputted an instruction. If 
this is the situation the application gets the IMEI code 

50 37 from the Flash ROM 1 7b in step 201 . In step 202 the 
application sets up the request message 36 and for- 
wards the message to the software provider 33 in step 
203. Then the phone starts to wait (step 204) for the re- 
sponse message. When a message is received it is 

55 checked in step 205 whether the message is the re- 
sponse message the phone 1 is waiting for. 
[0058] When the phone 1 detects the response mes- 
sage 41 it starts in step 206 to identify the code image 
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47 or the requested data packet and the first signature 
43 or the second unique identification code. When the 
first signature 43 is identified the phone starts to verify 
the validity of the first signature 43 and thereby the au- 
thenticity of the received response message 41. 
[0059] The verification of the validity of the first signa- 
ture 43 includes calculation of a second signature 46. 
This second signature 46 is calculated by phone 1 by 
inputting a phone password 45 stored in the phone into 
the beginning and the end of a binary string having the 
received binary code 47 in the middle into a secure hash 
algorithm 42 (MD5) that is identical to the secure hash 
algorithm 42 (MD5) used by the certification center for 
calculating the first signature 43. 

[0060] The two signatures 43 and 46 are calculated 
base on the very same secure hash algorithm 42 (MD5). 
By comparing these two signatures 43 and 46 the phone 
1 can prove the validity of the received message 41. If 
the received code image 47 fully corresponds the trans- 
mitted code image 44 the two signatures 43 and 46 will 
be identical. The phone 1 calculates the second signa- 
ture 46 based on the code image 47 and the phone 
password 45. The phone password 45 is not transmitted 
over the air and is only available in the phone and in the 
computer of the software provider 33. The software pro- 
vider 33 calculates the first signature 46 based on the 
code image 44, the IMEI code 37 and master password 
38. The IMEI code 37 is transmitted via the network and 
may be intercepted by an unauthorized third party. How- 
ever the master password is only present in the compu- 
terof the software provider 33. Therefore the phone may 
be in a situation where it may deem a message to be 
authorized when sender of the message is able to pro- 
vide a correct first signature 43. Therefore the phone 1 
in step 208 compares the two signatures 43 and 46 and 
stores in step 210 the received code image 47 in the MT 
software area 30 when the two signature are identical. 
Hereby the received software image is added to the ex- 
isting MT software as a new application or a new soft- 
ware segment for use in an existing application. 
[0061] Otherwise the phone skips the received soft- 
ware (code image 47) and asks for a re-transmission in 
step 209. When the two signatures 43 and 46 are differ- 
ent this may be caused by errors in the transmission. 
Then steps 201-208 are repeated. If the re-transmission 
is also unsuccessful the phone may automatically in- 
form the service provider about the situation and desist 
from further attempts. 

Explanation of an alternative embodiment 

[0062] Another technique for verifying downloaded 
code involves using public key encryption. Such a tech- 
nique will be briefly described with reference to fig. 8. 
With public key encryption it is not necessary to keep 
the password in clear text format in the phone to verify 
downloaded code. Instead a public key is kept in the 
phone. This public key 69 corresponds to a private key 



64 which is only known at the software certification cen- 
tre. 

[0063] When a request has been received at the soft- 
ware provider 33 and the requesting terminal has been 

5 validated in a similar way as described with reference 
to fig. 3-5 the software provider 33 starts to set up sig- 
natures for use in the transfer of the software block. At 
the software verification centre 35 a hash value or sig- 
nature (sigl ) 62 for a download software block 60 is cal- 

10 culated by means of an appropriate hash algorithm 61. 
e.g. MD5. This signature 62 is then encrypted using the 
private key 64 by using an appropriate encryption algo- 
rithm 65, e.g. an RSA algorithm, and the resulting digital 
signature 66 is appended to the software block 60 and 

15 down loaded to the requesting terminal. 

[0064] When the requesting terminal (the phone 1 ) re- 
ceives a software block 67, it can calculate the hash val- 
ue or signature (sigl) 62 for the software block 67 by 
means of the same hash algorithm 61 as used in the 

20 certification centre, e.g. MD5. The appended signature 
68 shall not be used in these calculations. 
[0065] The appended signature 68 is decrypted using 
the public key 69. which is kept in the phone. The same 
encryption algorithm 65, e.g. an RSA algorithm as used 

25 in the certification centre 35 is used in the phone for cal- 
culating a signature (sigl') 71 . If the calculated hash val- 
ue (sigl ) 62 matches the decrypted signature (sigl') 71 , 
the software block 67 is verified. The software blocks 60 
and 67 will be identical when the transmission was free 

30 of errors. The signatures (sig2) 66 and 68 are also be 
identical under these circumstances. 
[0066] It is not necessary to hide the public key or the 
code doing the check, as the algorithms are strong 
enough themselves. But it is desirable to ensure that the 

35 checking cannot be disabled, e.g. By patching the vali- 
dation code itself. 

[0067] The phone password does not need to be 
available at the software provider 33 it can also be only 
known at the certification center 35 and the phone. Be- 
40 cause even the calculation of the signature can be done 
at the certification center. This way even the phone 
passwords are protected against fraud at the software 
provider's site. 

[0068] The Smart messaging concept demonstrated 
45 by the applicant at the Asia Telecom 97 fair in Singapore 
June 1 997 may be use for setting the format of the mes- 
sages. 



50 Claims 

1 . A method of transferring a data packet from a pro- 
viding communication terminal to a requesting com- 
munication terminal, wherein: 



55 



said requesting communication terminal trans- 
fers a message to the providing communication 
terminal including a request for receiving the 
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data packet and a first unique identification 
code identifying the requesting communication 
terminal; 

said providing communication terminal verifies 
the validity of the first unique identification 
code, and upon a successful verification, re- 
sponds by transferring a message to the re- 
questing communication terminal including the 
requested data packet and a second unique 
identification code; 

said requesting communication terminal veri- 
fies the validity of the second unique identifica- 
tion code, and upon a successful verification, 
stores the data packet accordingly. 

2. A method according to claim 1 . wherein the provid- 
ing communication terminal is a fixed unit which is 
a part of a wireless communication network, and the 
requesting communication terminal is a mobile unit 
communicating via said wireless communication 
network. 

3. A method according to claim 2, wherein the first 
unique identification code includes an International 
Mobile Equipment Identity (IMEI) code that is 
unique for the mobile unit. 

4. A method according to claim 3. wherein the mobile 
unit further to the unique identification code is as- 
sociated with a unique password which is stored in 
the mobile unit and which may be calculated by said 
providing communication terminal based on the In- 
ternational Mobile Equipment Identity (IMEI) code 
and a master password that is available for said pro- 
viding communication terminal, and said providing 
communication terminal calculates a first unique 
signature based on the master password and the 
received International Mobile Equipment Identity 
(IMEI) code, and said first unique signature is used 
as the second unique identification code. 

5. A method according to claim 4, wherein the provid- 
ing communication terminal calculates a phone 
password for the mobile unit based on the Interna- 
tional Mobile Equipment Identity (IMEI) code and 
the master password using an secure hash algo- 
rithm, and then calculates said first unique signa- 
ture based on the phone password and the data 
packet to be sent using the same secure hash al- 
gorithm. 

6. A method according to claim 5. wherein the mobile 
unit upon receipt of said message including the re- 
quested data packet and said unique signature cal- 
culates a second signature based on the data pack- 
et received and the phone password by using an 
secure hash algorithm complementary to the se- 
cure hash algorithm used in the providing commu- 
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nication terminal, and the mobile unit compares the 
first unique signature received as a part of the mes- 
sage and the calculated second signature, and 
deems the message including the data packet to be 
verified when the two signatures fit together. 

7. A method according to claims 1, wherein: 

said providing communication terminal: 

calculates a session specific value based 
on inputting the requested data packet into 
a secure hash algorithm; and 
calculates the second unique identification 
code by means of a private key 
and said session specific value to an en- 
cryption algorithm; and 

said requesting communication terminal veri- 
fies the validity of the second unique identifica- 
tion code by: 

calculating a session specific value based on 
inputting the received data packet into a secure 
hash algorithm similar to the hash algorithm 
used by the providing communication terminal; 
and 

calculating a signature by means of inputting a 
public key and the received second unique 
identification code into a decryption algorithm 
similar to the encryption algorithm used by the 
providing communication terminal; and 
verifying the validity of the second unique iden- 
tification code when the session specific value 
based on inputting the received data packet 
and signature calculated by means of the public 
key and the received second unique identifica- 
tion code fit together. 

8. A wireless communication network in which a data 
packet may be transferred securely from a provid- 
ing communication terminal to a requesting commu- 
nication terminal, wherein: 

said requesting communication terminal com- 
prises means for transmitting a message to the 
providing communication terminal, said mes- 
sage includes a request for the data packet and 
an identification of itself by means of a first 
unique identification code; 
said providing communication terminal in- 
cludes means for verifying the validity of the 
first unique identification code, and means for 
transmitting a message, upon a successful ver- 
ification, to the requesting communication ter- 
minal, said message includes the requested 
data packet and a second unique identification 
code; 

said requesting communication terminal corn- 
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prises means for verifying the validity of the 
second unique identification code; and 
the requesting communication terminal in- 
cludes means for storing the data packet, upon 
a successful verification of the validity of the re- 
ceived message. 

9. A wireless communication network according to 
claim 8. wherein the providing communication ter- 
minal is a fixed unit which is a part of a wireless com- 
munication network, and the requesting communi- 
cation terminal is a mobile unit communicating via 
said wireless communication network. 

10. A wireless communication network to claim 9, 
wherein the first unique identification code includes 
an International Mobile Equipment Identity (IMEI) 
code that is unique for the mobile unit. 



11. A wireless communication network according to 
claim 10, wherein the mobile unit further to the 
unique identification code is associated with a 
unique password which is stored in the mobile unit, 
said providing communication terminal comprises: 
means for calculating a first unique signature based 
on the International Mobile Equipment Identity (IM- 
EI) code and a master password that is available 
for said providing communication terminal, said first 
unique signature is used as the second unique iden- 
tification code. 

12. A wireless communication network according to 
claim 11 , wherein the providing communication ter- 
minal comprises: 

means for calculating a phone password for the 
mobile unit based on the International Mobile 
Equipment Identity (IMEI) code and the master 
password using an secure hash algorithm, and 
means for calculating said first unique signa- 
ture based on the phone password and the data 
packet to be send using the same secure hash 
algorithm. 

13. A wireless communication network according to 
claim 12, wherein the mobile unit comprises 

means for calculating a second signature 
based on the data packet received and the 
phone password by using an secure hash algo- 
rithm complementary to the secure hash algo- 
rithm used in the providing communication ter- 
minal means for comparing the first unique sig- 
nature received as a part of the message and 
the calculated second signature, and for deem- 
ing the message including the data packet to 
be verified when the two signatures fits togeth- 
er. 



14. A wireless communication network according to 
claim 8. wherein the calculation means in said pro- 
viding communication terminal are prepared for: 

5 calculating a session specific value based on 

inputting the requested data packet into a se- 
cure hash algorithm; and 
calculating the second unique identification 
code by means of a private key and said ses- 

w sion specific value to an encryption algorithm; 

and 

wherein the calculation means in said requesting 
communication terminal are prepared for said veri- 
15 fying the validity of the second unique identification 
code by: 

calculating a session specific value based on 
inputting the received data packet into a secure 
20 hash algorithm similar to the hash algorithm 

used by the providing communication terminal; 
and 

calculating a signature by means of inputting a 
public key and the received second unique 
25 identification code into a decryption algorithm 

similar to the encryption algorithm used by the 
providing communication terminal; and 
verifying the validity of the second unique iden- 
tification code when the session specific value 
based on inputting the received data packet 
and signature calculated by means of the public 
key and the received second unique identifica- 
tion code fit together. 

15. A computer program product for handling the veri- 
fication of the transfer of a data packet from a pro- 
viding communication terminal to a requesting com- 
munication terminal, and comprising: 

40 a computer useable medium in a providing 

communication terminal having computer read- 
able program code means embodied therein for 
handling verification of a communication unit 
requesting a data packet to be transferred over 

45 a wireless network from providing communica- 

tion terminal to the requesting communication 
unit, the computer readable program code 
means in the computer program product com- 
prising: 

50 computer readable program code means for 

identifying a request for the data packet and a 
first unique identification code for the mobile 
unit included in a message received by said 
providing communication terminal; 

55 computer readable program code means for 

verifying the validity of the first unique identifi- 
cation code; 

computer readable program code means for 
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setting up a response message to the mobile 
unit upon a successful verification, said re- 
sponding message includes the requested data 
packetand a second unique identification code. 

5 

1 6. A computer program product according to claim 1 5, 
and comprising: 

computer readable program code means for 
calculating a phone password for the mobile 10 
unit based on the first unique identification code 
(the International Mobile Equipment Identity 
(IMEI) code) and the master password using a 
first secure hash algorithm, and 
computer readable program code means for 15 
calculating said first unique signature based on 
the phone password and the data packet to be 
sent using a second secure hash algorithm. 

17. A computer program product according to claim 15 20 
wherein the computer readable program code 
means for calculating said first unique signature are 
prepared for: 

calculating a session specific value based on 25 
inputting the requested data packet into a se- 
cure hash algorithm; and 

calculating the second unique identification 
code by means of a private key and said ses- 
sion specific value to an encryption algorithm; 30 
and 

18. A computer program product according to claims 
15-17 and implemented in a service provider com- 
puter connected to a cellular network for transfer- 35 
ring computer software via the wireless network 
(Over The Air) to mobile units upon request. 

19. A computer program product for handling the veri- 
fication of the transfer of a data packet from a pro- *o 
viding communication terminal to a requesting com- 
munication terminal, and comprising: 

a computer useable medium in a mobile unit 
having computer readable program code 45 
means embodied therein for handling a request 
of a data packet and the verification of the data 
packet when received via a wireless network 
from providing communication terminal, the 
computer readable program code means in the 50 
computer program product comprising: 
computer readable program code means for 
setting up a message to the providing commu- 
nication terminal, said message includes a re- 
quest for the data packet and an identification 55 
of the mobile unit by means of a first unique 
identification code; 

computer readable program code means for 



identifying the requested data packet and a 
second unique identification code in the re- 
sponding message from the providing commu- 
nication terminal; 

computer readable program code means for 
verifying the validity of the second unique iden- 
tification code; 

computer readable program code means for 
storing the data packet, upon a successful ver- 
ification of the validity of the received message. 

20. A computer program product according to claim 1 9, 
wherein computer readable program code means 
uses an International Mobile Equipment Identity 
(IMEI) code as first unique identification code that 
is unique for the mobile unit. 

21. A computer program product according to claims 
19-20, and furthermore comprises: 

computer readable program code means for 
calculating a second signature based on the 
data packet received and the phone password 
by using an secure hash algorithm complemen- 
tary to the secure hash algorithm used in the 
providing communication terminal; and 
computer readable program code means for 
comparing the second unique identification 
code received as a part of the message and the 
calculated second signature, and for deeming 
the message including the data packet to be 
verified when the two signatures fits together. 

22. A computer program product according to claim 19, 
wherein the computer readable program code 
means for calculating said first unique signature are 
prepared for said verifying the validity of the second 
unique identification code by: 

calculating a session specific value based on 
inputting the received data packet into a secure 
hash algorithm similar to the hash algorithm 
used by the providing communication terminal; 
and 

calculating a signature by means of inputting a 
public key and the received second unique 
identification code into a decryption algorithm 
similar to the encryption algorithm used by the 
providing communication terminal; and 
verifying the validity of the second unique iden- 
tification code when the session specific value 
based on inputting the received data packet 
and signature calculated by means of the public 
key and the received second unique identifica- 
tion code fit together. 

23. A mobile unit for communicating with a providing 
communication terminal via a wireless communica- 
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tion network, and comprising: 

means for transmitting a message to the pro- 
viding communication terminal, said message 
includes a request for the data packet and an 
identification of the mobile unit by means of a 
first unique identification code: 
means for receiving a responding message 
from the providing communication terminal, 
said responding message includes the request- 
ed data packet and a second unique identifica- 
tion code; 

means for verifying the validity of the second 
unique identification code; and 
means for storing the data packet, upon a suc- 
cessful verification of the validity of the received 
message. 

24. A mobile unit according to claim 23. wherein the first 
unique identification code includes an International 
Mobile Equipment Identity (IMEI) code that is 
unique for the mobile unit. 

25. A mobile unit according to claim 24. wherein the mo- 
bile unit further to the unique identification code is 
associated with a unique password which is stored 
in the mobile unit and which may be derived from a 
master password when the International Mobile 
Equipment Identity (IMEI) code is known. 

26. A mobile unit according to claims 23-25. wherein 
the mobile unit is a cellular telephone. 



27. 



A mobile unit according to claims 23-26, wherein 
the mobile unit, when receiving said message in- 
cluding the second unique identification code from 
the providing communication terminal, handles this 
second unique identification code as a first unique 
signature; said mobile unit furthermore comprises: 

means for calculating a second signature 
based on the data packet received and the 
phone password by using an secure hash algo- 
rithm complementary to the secure hash algo- 
rithm used in the providing communication ter- 
minal; and 

means for comparing the first unique signature 
received as a part of the message and the cal- 
culated second signature, and for deeming the 
message including the data packet to be veri- 
fied when the two signatures fits together. 



cure hash algorithm; and 
calculating the second unique identification 
code by means of a private key and said ses- 
sion specific value to an encryption algorithm; 
5 and 

wherein the calculation means in said requesting 
communication terminal are prepared for said veri- 
fying the validity of the second unique identification 
w code by: 

calculating a session specific value based on 
inputting the received data packet into a secure 
hash algorithm similar to the hash algorithm 
15 used by the providing communication terminal; 

and 

calculating a signature by means of inputting a 
public key and the received second unique 
identification code into a decryption algorithm 

20 similar to the encryption algorithm used by the 

providing communication terminal; and 
verifying the validity of the second unique iden- 
tification code when the session specific value 
based on inputting the received data packet 

25 and signature calculated by means of the public 

key and the received second unique identifica- 
tion code fit together. 

29. A providing communication terminal is a fixed unit 
30 which is a part of a wireless communication net- 
work, and comprising: 

means for receiving a message from a mobile 
unit, said message includes a request for the 
35 data packet and an identification of the mobile 

unit by means of a first unique identification 
code; 

means for verifying the validity of the first 
unique identification code; and 
40 means for transmitting a responding message, 

upon a successful verification, to the mobile 
unit, said responding message includes the re- 
quested data packet and a second unique iden- 
tification code. 
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A mobile unit according to claim 23, wherein the cal- 
culation means in said providing communication 
terminal are prepared for: 55 

calculating a session specific value based on 
inputting the requested data packet into a se- 



30. A providing communication terminal according to 
claim 29 and provided as a fixed unit which is a part 
of a wireless communication network. 

31. A providing communication terminal according to 
claims 29-30, and comprising: 

means for calculating a phone password for the 
mobile unit based on the first unique identifica- 
tion code (the International Mobile Equipment 
Identity (IMEI) code) and the master password 
using an secure hash algorithm, and 
means for calculating said first unique signa- 
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ture based on the phone password and the data 
packet to be sent using the same secure hash 
algorithm. 

32. A providing communication terminal according to 
claim 29, wherein the calculation means in said pro- 
viding communication terminal are prepared for: 

• calculating a session specific value based on 

inputting the requested data packet into a se- 
cure hash algorithm; and 

» calculating the second unique identification 

code by means of a private key and said ses- 
sion specific value to an encryption algorithm. 

33. A method of transferring a data packet from a first 
communication terminal to a second communica- 
tion terminal in a communication network, wherein; 

said first communication terminal transfers a 
message including a request for receiving the 
data packet and a first identification code iden- 
tifying the first communication terminal to the 
second communication terminal; 
said second communication terminal verifies 
the validity of the first identification code, and 
upon a successful verification, responds by 
transferring a message including the requested 
data packet and a second identification code to 
the first communication terminal; 
said first communication terminal verifies the 
validity of the second identification code, and 
upon a successful verification, stores the data 
packet. 

34. A communication network for transferring a data 
packet from a first communication terminal to a sec- 
ond communication terminal, wherein: 



the received second message. 

35. A method as claimed in claim 33 or a communica- 
tion network as claimed in claim 34 wherein said 

5 first identification code uniquely identifies the first 

communication terminal within the network. 

36. A communication network as claimed in claim 34 or 
35 or a method as claimed in claim 34 or 35 wherein 

10 said second identification code uniquely identifies 

the second message within the network as intended 
for reception by said first communication terminal. 

37. A method as claimed in claim 34, 35 or 36 or a com- 
15 munication network as claimed in claim 34. 35 or 36 

wherein said second identification code is encrypt- 
ed. 

38. A method as claimed in claim 37 or a communica- 
20 tion network as claimed in claim 37 wherein said 

first communication terminal produces a third iden- 
tification code and verifies said second identifica- 
tion code by a comparison of said second and third 
identification codes. 

25 

39. A method as claimed in claim 38 or a communica- 
tion network as claimed in claim 38 wherein said 
second identification code is decrypted before com- 
parison with said third identification code. 

30 

40. A system for transferring a data packet between two 
communication terminals substantially as hereinbe- 
fore described with reference to the accompanying 
figures. 

35 



said first communication terminal comprises *o 
means for transmitting a first message to the 
second communication terminal, said first mes- 
sage including a request for the data packet 
and a first identification code; 

said second communication terminal compris- 45 
es means for verifying the validity of the first 
identification code, and means for transmitting 
a second message, upon a successful verifica- 
tion, to the first communication terminal, said 
second message including the requested data 5° 
packet and a second identification code; 
said first communication terminal further com- 
prising means for verifying the validity of the 
second identification code after the reception 
of the second message; and 55 
said second communication terminal further 
comprising means for storing the data packet, 
upon a successful verification of the validity of 



13 



EP 0 977 451 A2 



FIG. 1 




RAM 



TRANSMITTER / 
RECEIVER 
CIRCUIT 

19 



ROM 
17b 



FIG. 2 



CONTROLLER 
18 



AUDIO 
PART 

20 



T 



SIM CARD 

16 



LCD DRIVER 

13 



LCD 

3 



KEYBOARD 

2 



NAVIGATION AND 
SELECTION KEYS 
15 



SPEAKER 

5 



MICROPHONE 

6 



14 



EP 0 977 451 A2 



V 



"Z. 



V 



MT 1 



DOWNLOADED 
CODE 31 



MT SOFTWARE 
30 



BASESTATION 32 



SOFTWARE 



33 



PROVIDER — 



DOWNLOADABLE 
CODE 34 



FIG. 3 



CERTIFICATION 
CENTRE 35 



Performed at certification centre 
Calculate phone password 



37- 


IMEI | + 


master passw J- 








MD5 - — ■ 39 



J- 38 



40 — ph. passw 



44 

Calculate sign ature j 

ph. passw | + code tfi||j|||| + ph. passw | 



40 



T 



43 



MD5 



42 



Download code + sig2 



code image J 

■ I rmitirrhfff^iiriYiiil 



44 



43 



Performed in phone 
Receive code and signature 



47' 



T 



43 



47 



Calculate sign ature ( 

ph. passw | + code Image ] • 



45 



T 



MD5 



ph. passw I 

j 



•46 



45 



compare signatures 



46' 



43 



FIG. 4 



15 



EP 0 977 451 A2 



35 
i 



PHONE- 



DATA AVAILABLE 
IN PHONE 



IMEI 
PHONE 
PASSWORD 



CERTIFICATION 
CENTRE: 



f 



36 



SOFTDOWNLOAD_REQ (IMEI) 



DATA AVAILABLE 
AT CERTIFICATION 
CENTRE 



MASTER 
PASSWORD CODE 
BLOCK 



CALCULATE PHONE 
PASSWORD 






PUT SIGN; 
CODE 


a.TURE ON 
BLOCK 



SOFTDOWNLOAD_RESP 
(CODEBLOCK + SIGNA TURE) 



41 



FIG. 5 



Done at certification centre 



63 

L 



64 

L 



sig 1 || private key | 



RSA signature 
66 H siQ Z ~| V 65 



Download code + sig2 



code image V~ 60 


code image 1 




MD5 —61 


1 

67 


MD5 -61 


62 H .9&.1 I 




,1 |-62 



T 

60 



code image | sig2 | 



S 

66 



Done in phone 



68 



68 

JL 



3ig 2 I ["private key 69 



65' 



RSA signature check 



compare two si gnatures 



i 

62 



T 

71 



FIG. 8 



16 



EP 0 977 451 A2 



C 



START 



I 



100 



WAIT FOR 
RECEIVING A 
REQUEST MESSAGE 




NO 



102 



IDENTIFY REQUEST 
SW IDENTIFY 
IMEI CODE 



104 
1 



RESPOND THE 
REQUEST BY 
SENDING A REJECT 
MESSAGE 



103 




105 ^ 



GET MASTER 
PASSWORD 
CALCULATE PHONE 
PASSWORD 



106 — 



GET REQUESTED 
CODE CALCULATE 
SIGNATURE 



107 | TRANSMIT RESPONSE 

MESSAGE INCLUDING 
CODE IMAGE + 
SIGNATURE 



FIG. 6 



17 



EP 0 977 451 A2 



START 



200 




201 



202 



203- 



GET IMEI CODE 



SET UP REQUEST 
MESSAGE 



TRANSMIT REQUEST 
MESSAGE 



204 — 



I 



205 



206 



WAIT 


< ■ 




V/^RESPONSE^^^ 

MESSAGE 
^.RECEIVED 


NO 




|YES 





IDENTIFY CODE IMAGE 
AND SIGNATURE, STORE 
CODE IMAGE FOR A 
WHILE 



i 



207 ~4 GET PHONE PASSWORD 
CALCULATE SIGNATURE 



208 



210' 




209 



DELETE CODE 

IMAGE 
I 



TRANSFER CODE 
IMAGE TO MT 
SOFTWARE 



FIG. 7 



18 



(19) 



J 



Europaisches Patentamt 
European Patent Office 
Office europeen des brevets 



(12) 



(id EP 0 977 451 A3 

EUROPEAN PATENT APPLICATION 



(88) Date of publication A3: 

24.01.2001 Bulletin 2001/04 

(43) Date of publication A2: 

02.02.2000 Bulletin 2000/05 

(21) Application number: 99305677.9 

(22) Date of filing: 16.07.1999 



(51) Intel/: H04Q7/32, H04L 29/06 



(84) Designated Contracting States: 


(72) Inventors: 


AT BE CH CY DE DK ES Fl FR GB GR IE IT LI LU 


♦ Jobst, Matthias 


MC NL PT SE 


44789 Bochum (DE) 


Designated Extension States: 


• Stage, Erling Bugge 


AL LT LV MK RO SI 


DK - 4180 Soro (DK) 


(30) Priority: 29.07.1998 GB 9816541 


(74) Representative: Higgin, Paul et al 


Nokia Mobile Phones Ltd, 


(71) Applicant: NOKIA MOBILE PHONES LTD. 


St Georges Court, 


02150 Espoo (Fl) 


St Georges Road 




Camberley, Surrey GU15 3QZ (GB) 



(54) Data transfer verification based on unique id codes 



(57) A method of transferring a data packet from a 
providing communication terminal to a requesting com- 
munication terminal, wherein the requesting communi- 
cation terminal transfers a message to the providing 
communication terminal including a requests for receiv- 
ing the data packet and a first unique identification code 
identifying the requesting communication terminal. Up- 
on receipt of the message the providing communication 
terminal verifies the validity of the first unique identifica- 



tion code. When the verification has been ended suc- 
cessfully, the providing communication terminal re- 
sponds by transferring a message to the requesting 
communication terminal including the requested data 
packet and a second unique identification code. Then 
the requesting communication terminal verifies the va- 
lidity of the second unique identification code and stores 
the data packet accordingly when the verification has 
been successful. 



CO 
< 

In 

o> 
o 

D_ 
LU 



V 



V 



"Z. 



MT 1 



DOWNLOADED 
CODE 31 



MT SOFTWARE 
30 



BASESTATION 32 

A 



SOFTWARE 



33 



PROVIDER — 



DOWNLOADABLE 
CODE 34 



CERTIFICATION 
CENTRE 35 



FIG. 3 



Printed by Jouve. 75001 PARIS (FR) 



EP 0 977 451 A3 



European Patent 
Office 



EUROPEAN SEARCH REPORT 



Application Number 

EP 99 30 5677 



DOCUMENTS CONSIDERED TO BE RELEVANT 



Category 



Citation of document wilh indication, where appropriate, 
of relevant passages 



Relevant 

to claim 



CLASSIFICATION OF THE 
APPLICATION (lnt.CI.7) 



US 5 077 790 A (SHARP RONALD E ET AL) 
31 December 1991 (1991-12-31) 



* column 1, line 41 - column 2, line 6 * 

* column 2, line 48 - column 4, line 24; 
figure 4 * 

EP 0 849 920 A (LUCENT TECHNOLOGIES INC) 
24 June 1998 (1998-06-24) 

* column 6, line 34 - column 9, line 29 * 

EP 0 447 380 A (ERICSSON TELEF0N AB L M) 
18 September 1991 (1991-09-18) 

* the whole document * 



The present search report has been drawn up for all daims 



1,2,8,9, 
12,15, 
19,23, 
29,33,34 



1,8,15, 

19,33,34 

23,29 

1,8,15, 

19,23, 

29,33,34 



H04Q7/32 
H04L29/06 



TECHNICAL FIELDS 
SEARCHED (lnt.CI.7) 



H04Q 
H04L 





Place oi scotch 




Dole o" co 


mpletioT & the acorsrt 


Eusmincr 




THE HAGUE 




1 December 2000 


Tsapelis, A 




CATEGORY OF CITED DOCUMENTS 




T : theory y on'nciaie jncerlymg tno invention 










E : eanler pa:eri docj-rert, but published on, o- 


X 


particularly relcvarv if taken alone 






afte'the filing cale 




Y 


particularly relevarv. it combined witn another 




D : documeni cited ir the application 




cocumert of the same category 






L : document ci ed for oth 


er reasons 


A 


tecnrological do. ckg round 










O 


. non- written d ; sdc£ure 






& : Terr be r of tne same patent famHy. corresponding 


P 


in t er mediate c ecu Tier t 






document 





2 



EP 0 977 451 A3 



ANNEX TO THE EUROPEAN SEARCH REPORT 
ON EUROPEAN PATENT APPLICATION NO. 



EP 99 30 5677 



This annex lists the patent family members relating to the patent documents cited in the above-mentioned European search report. 
The members are as contained in tne European Patent Office EDP file on 

The European Patent Office is in no way liable for these particulars which are merely given for the purpose of information. 

01-12-2000 



Patent document 
cried in search report 



Publication 
date 



Patent lamily 
member(s) 



Publication 
date 



US 


5077790 


A 


31- 


12-1991 AT 


173119 T 


15-11-1998 








AU 


8769091 A 


17-08-1992 










BR 


9106726 A 


29-06-1993 










CA 


2087841 A,C 


01-07-1992 










DE 


69130458 D 


10-12-1998 










EP 


0565528 A 


20-10-1993 










FI 


930307 A 


26-01-1993 










JP 


2546756 B 


23-10-1996 










JP 


6505837 T 


30-06-1994 










KR 


9600935 B 


15-01-1996 










UO 


9212584 A 


23-07-1992 










AU 


649742 B 


02-06-1994 










NO 


930352 A 


02-02-1993 


EP 


0849920 


A 


24- 


■06-1998 US 


5999526 A 


07-12-1999 










CA 


2217422 A 


26-05-1998 










JP 


10198610 A 


31-07-1998 


EP 


0447380 


A 


18- 


-09-1991 SE 


465800 B 


28-10-1991 










AT 


121254 T 


15-04-1995 










AU 


638820 B 


08-07-1993 










AU 


7495291 A 


10-10-1991 










BR 


9104907 A 


14-04-1992 










CA 


2051385 A 


10-09-1991 










CN 


1054868 A,B 


25-09-1991 










DE 


69108762 D 


18-05-1995 










DE 


69108762 T 


24-08-1995 










DK 


447380 T 


24-07-1995 










ES 


2073726 T 


16-08-1995 










FI 


102134 B 


15-10-1998 










HK 


101895 A 


30-06-1995 










IE 


67887 B 


01-05-1996 










JP 


4505693 T 


01-10-1992 










KR 


144560 B 


17-08-1998 










NO 


300249 B 


28-04-1997 










NZ 


236936 A 


27-07-1993 










PT 


96979 A.B 


30-04-1993 










SE 


9000856 A 


10-09-1991 










UO 


9114348 A 


19-09-1991 










us 


5390245 A 


14-02-1995 










us 


5282250 A 


25-01-1994 










us 


5559886 A 


24-09-1996 

















For more details about this annex : see Official Journal of the European Patent Office, No. 12/82 



3 



This Page Blank (uspto) 



This Page is Inserted by IFW Indexing and Scanning 
Operations and is not part of the Official Record 

BEST AVAILABLE IMAGES 

Defective images within tjiis document are accurate representations of the original 
documents submitted by me applicant. ' 

Defects in the images include but are not limited to the items checked: 

□ BLACK BORDERS 

□ IMAGE CUT OFF AT TOP, BOTTOM OR SIDES 
C^FADED TEXT OR DRAWING 

BLURRED OR ILLEGIBLE TEXT OR DRAWING 

□ SKEWED/SLANTED IMAGES 

□ COLOR OR BLACK AND WHITE PHOTOGRAPHS 

□ GRAY SCALE DOCUMENTS 

□ LINES OR MARKS ON ORIGINAL DOCUMENT 

□ REFERENCE(S) OR EXHIBIT(S) SUBMITTED ARE POOR QUALITY 

□ OTHER: 

IMAGES ARE BEST AVAILABLE COPY. 
As rescanning these documents will not correct the image 
problems checked, please do not report these problems to 
the IFW Image Problem Mailbox. 



